philipbrown / signature-php
此包已被废弃,不再维护。未建议替代包。
HMAC-SHA身份验证
v5.1.2
2015-04-30 07:51 UTC
Requires
- php: >=5.4
Requires (Dev)
- phpunit/phpunit: ~4.0
README
PHP 5.4+版本的Signature Ruby gem
安装
将philipbrown/signature-php
添加到composer.json
的依赖项中
$ composer require philipbrown/signature-php
什么是HMAC-SHA身份验证?
HMAC-SHA身份验证允许您使用散列签名实现非常简单的密钥/秘密身份验证,用于您的API。
发送请求
use PhilipBrown\Signature\Token; use PhilipBrown\Signature\Request; $data = ['name' => 'Philip Brown']; $token = new Token('abc123', 'qwerty'); $request = new Request('POST', 'users', $data); $auth = $request->sign($token); $http->post('users', array_merge($auth, $data));
验证响应
use PhilipBrown\Signature\Auth; use PhilipBrown\Signature\Token; use PhilipBrown\Signature\Guards\CheckKey; use PhilipBrown\Signature\Guards\CheckVersion; use PhilipBrown\Signature\Guards\CheckTimestamp; use PhilipBrown\Signature\Guards\CheckSignature; use PhilipBrown\Signature\Exceptions\SignatureException; $auth = new Auth('POST', 'users', $_POST, [ new CheckKey, new CheckVersion, new CheckTimestamp, new CheckSignature ]); $token = new Token('abc123', 'qwerty'); try { $auth->attempt($token); } catch (SignatureException $e) { // return 4xx }
更改默认HTTP请求前缀
默认情况下,此包在请求中使用auth_*
。在签名和验证请求时,您可以更改此行为。
// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature $request->sign($token); // the HTTP request now uses x-version, x-key, x-timestamp and x-signature $request->sign($token, 'x-');
如果您更改了默认设置,则需要相应地验证请求。
$auth->attempt($token, 'x-');